Configuring A User Privilege Level - HP 5120 series Configuration Manual

Level
3

Configuring a user privilege level

A user privilege level can be configured by using AAA authentication parameters or under a user
interface.
Configure user privilege level by using AAA authentication parameters
If the authentication mode of a user interface is scheme, the user privilege level of users logging into the
user interface is specified in AAA authentication configuration.
Follow these steps to configure the user privilege level by using AAA authentication parameters:
To do...
Enter system view
Enter user interface view
Specify the scheme authentication
mode
Return to system view
Configure the authentication mode
for SSH users as password
Configure the
user privilege
level by using
AAA
authentication
parameters
Example of configuring a user privilege level by using AAA authentication parameters
# You are required to authenticate the users that telnet to the switch through VTY 1, verify their username
and password, and specify the user privilege level as 3.
Privilege Description
Involves commands that influence the basic operation of the system and
commands for configuring system support modules.
By default, commands at this level involve the configuration commands of file
Manage
system, FTP, TFTP, Xmodem download, user management, level setting, and
parameter settings within a system (which are not defined by any protocols or
RFCs).
Use the command...
system-view
user-interface { first-num1
[ last-num1 ] | { aux | vty }
first-num2 [ last-num2 ] }
authentication-mode scheme
quit
For more information about SSH,
see the Security Configuration
Guide.
•
Using local
•
authentication
Using remote
authentication
Configure the user privilege level
(RADIUS,
on the authentication server
HWTACACS
authentications)
Use the local-user command to
create a local user and enter
local user view.
Use the level keyword in the
authorization-attribute
command to configure the user
privilege level.
15
Remarks
—
—
Required
By default, the authentication
mode for VTY users is password,
and no authentication is needed
for AUX login users.
—
Required if users use SSH to log in,
and username and password are
needed at authentication
Use either approach
•
For local authentication, if you
do not configure the user
privilege level, the user
privilege level is 0.
•
For remote authentication, if
you do not configure the user
privilege level, the user
privilege level depends on the
default configuration of the
authentication server.